EmpowerID restricts access to compliance policy operations through the use of Management Roles. To work with compliance policies, users must be assigned to the appropriate roles. Management Roles are prefixed by their function in EmpowerID and include the following:
UI
...
– Management Roles prefixed with UI grant users access to specific UI elements in the EmpowerID Web interface. An example of this type of role for compliance is UI-Audit-Full-Access. This role grants users full access to the audit workflows and user interfaces needed to allow a user to review their audit tasks and those of others.
...
VIS – Management Roles prefixed with VIS grant users the ability to see specific objects in EmpowerID. An example of this type of role for compliance is VIS-Audit-All. This role grants users visibility for all audits
...
ACT – Management Roles prefixed with ACT grant users the ability to manage specific objects in EmpowerID. An example of this type of role for compliance is ACT-Audit-Object-Administration-All. This role grants users access to create, edit, and delete all audits.
Role bundle needed to manage
...
Recertification policies
To manage
...
Recertification policies, users need the following Management Role
Management Role | Access Granted by Management Role | Role Type |
|---|
...
Recertification Administrator | Grants users access to create and manage recertification campaigns and risk policies. | Role Bundle |
Individual Management Roles included in Role Bundle | ||
Management Role | Access Granted by Management Role | Role Type |
ACT- | ||
...
Grants users full object administration (Create, Update, Delete) for Separation of Duties Policies
...
Activity
...
Audit-Object-Administration-All | Grants users access to create, edit, and delete all audits. | Activity |
UI-Audit-Full-Access | Grants users full access to the audit workflows and user interfaces to allow a user to review their audit tasks and those of others. | Feature Set |
UI- |
...
Audit-Logging | Grants users |
...
access to |
...
various audit-related reports and logs. | Feature Set | |
VIS-Audit-All | Grants users visibility for all audits | Visibility |
VIS-Location-All | Grants users visibility for all locations | Visibility |
VIS-Person-All | Grants users visibility for all people | Visibility |
VIS-SetGroup-All | Grants users visibility for all Query-Based Collections |
...
Visibility
Role bundle needed to participate in Compliance activities
To participate in compliance activities, users need to have a combination of the following Management Role assignments (based on the needed scope):
...
Management Role
...
Access Granted by Management Role
...
Role Type
...
Compliance User
...
Grants users access able to participate in recertification and review SoD violations
...
Role Bundle
...
Individual Management Roles included in Role Bundle
...
Management Role
...
Access Granted by Management Role
...
Role Type
...
UI-Audit-Participant
...
Grants users limited access to the audit workflows and user interfaces to allow a user to review their audit / recertification tasks.
...
Feature Set
...
UI-SoD-Policy-Violation-Reviewer
...
Grants users access to the Separation of Duties Violation user interfaces and workflows needed to be a violation reviewer.
...
Feature Set
...
VIS-BusinessRole-All
...
Grants users visibility for all Business Roles.
...
Visibility
...
VIS-Groups-All
...
Grants users visibility for all groups.
...
Visibility
...
...
Grants users visibility for all locations.
Visibility |
...
VIS-Management-Role-All
...
Grants users visibility for all Management Roles.
...
Visibility
...
VIS-Person-All
...
Grants users visibility for all people.
...
Visibility
| Insert excerpt | ||||||
|---|---|---|---|---|---|---|
|
...
| style | float: left; position: fixed; |
|---|
IN THIS ARTICLE
...